Manual removal of the denial-of-service back door Autocrat

xiaoxiao2021-03-06  67

Author: Ice Race

On August 1 this year a small wave of attacks on Japan was launched, but from what I saw, most of the sites that were broken into were small websites, because the big websites are strong. There may be one kind of attack method that is more effective: the denial-of-service attack. I think DoS is an attack method with low technical content; you could also call it a destructive attack. But it really is simple and practical, fast, and difficult to defend against. So for most people it has been the best way when there is no other way. DoS mainly uses some weaknesses of TCP/IP.

First, let's look at the definition of DoS. In English it is Denial of Service, so it is referred to as DoS.

For a Chinese definition, I quote the one given for information security systems by the Sichuan University Information Security Institute: information or information system resources are utilized, degraded, or lost. In other words, the ability to provide service runs into problems.

OK, here I mainly explain how to clear a DoS back door, that is, the controlled end. The most commonly used form is of course DDoS, distributed denial of service, which is used for its attack effect, but it involves installing the attack program, so it needs a lot of compromised machines ("meat machines"). I tried it: the CPU of a compromised machine is usually at 100% usage during an attack. So when your computer's CPU is at 100%, you must check what is wrong. Maybe you are playing the role of an attacker.

Today I am talking about clearing Autocrat 1.21.36 (you can find it with Google, very good), developed by the HBU team in 2002. It is a powerful control tool with a graphical interface that includes the common denial-of-service attacks SYN Flood, LAND, FakePing and "furious ping". It is divided into two parts, the client and the server: the client is the control terminal (used by the controller) and the server is the controlled terminal (used by the controlled party). The client can send an attack command to the server according to the situation, and the server attacks whoever it is told to attack. The bad part is that anyone can control a machine that runs the server, mainly because it does not set password control.

It opens a port. Like the first generation of Trojans, it waits passively for a connection, and the port is 8535. So if you see this port on your machine, be careful: you may have become an attacker without knowing how others found you, and without knowing why. Its server side is server.exe and its client side is named client. To check whether you have it: first, look at the port; second, download the client and connect to your own IP. If this comes back:

----------------------------------------
Connection success, send login information - Autocrat DDoS Server Ready ... Login @ Billgates
----------------------------------------

Congratulations, you have it, haha! If you don't believe it, try it yourself; you can send messages to yourself!

Let's clear it!

1. Find a tool to view the port, mainly one that also shows the process. I suggest Aproman from Antica Lab (don't ask me how to find this tool!). Actually, in cmd you can also use the command netstat -an to see port 8535. Then use Aproman to find the process. The command to list processes is: aproman -a. The command to stop a process is: aproman -t id

2. In Start -> Run, enter regedit to open the registry and search for "Server". This is the content I exported, opened in Notepad:

----------------------------------------
Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1645522239-1993962763-170853768-1006\Software\Microsoft\Search Assistant\ACMRU\5603]
"000"="MyDDOS"
"001"="WSOCK32P.DLL"
"002"="wsock32l.dll"
"003"="wsock32s.dll"
----------------------------------------

I am on XP and renamed the server to MyDDOS, which is why I saw this. Then delete all of these values.

3. Open Start -> Search and find these files:

c:\winnt\system32\wsock32s.dll
c:\winnt\system32\wsock32l.dll
c:\winnt\system32\wsock32p.dll

Delete them. You can look at their properties to see when you were infected.

4. I am on XP, so the file is C:\Windows\system32\wupdmgr32.exe. Delete this file. Take a closer look at wupdmgr32: isn't its name just a little longer than that of the file next to it, wupdmgr? It runs as the process wupdmgr32, so you have to kill the process first before you can delete the file.

5. In Start -> Run, enter msconfig, find the entry named Server, and uncheck the box in front of it to disable it.
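The port check in step 1 and the file checks in steps 3 and 4, as an added example that is not part of the original article. It assumes `netstat -ano` (the `-o` column gives the owning PID, standing in for Aproman) and uses a constructed sample; a listener on 8535 is only an indicator and the owning process still has to be examined.

```python
import os

AUTOCRAT_PORT = 8535  # listening port named in the article
# File names the article says to delete in steps 3 and 4.
IOC_FILES = ["wsock32s.dll", "wsock32l.dll", "wsock32p.dll", "wupdmgr32.exe"]

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:8535           0.0.0.0:0              LISTENING       1844
  TCP    0.0.0.0:18535          0.0.0.0:0              LISTENING       2210
  TCP    192.0.2.10:1045        198.51.100.7:8535      ESTABLISHED     3020
  UDP    0.0.0.0:8535           *:*                                    1500
"""


def listeners_on_port(netstat_text, port=AUTOCRAT_PORT):
    """Return sorted PIDs that have a TCP socket LISTENING on exactly `port`."""
    pids = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields; headers and stateless UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # Compare the local port as a whole token so 18535 does not match,
        # and ignore the foreign address so outbound connections do not match.
        if fields[1].rsplit(":", 1)[-1] == str(port):
            pids.add(int(fields[4]))
    return sorted(pids)


def ioc_files_present(system_dir):
    """Return the article's file names found in `system_dir`, ignoring case."""
    try:
        names = {n.lower() for n in os.listdir(system_dir)}
    except OSError:
        return []  # directory missing or unreadable
    return [f for f in IOC_FILES if f in names]


if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    sysdir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "system32")
    print("PIDs listening on 8535:", listeners_on_port(live))
    print("Files from the article:", ioc_files_present(sysdir))
```

Reading `SystemRoot` covers both the c:\winnt and C:\Windows locations the article mentions.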

OK, that's the end. If there is any problem with this article, please tell me. My contact information: QQ 18184412 Email

